Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable

To: Christoph Brinkhaus <c.brinkhaus@t-online.de>
Cc: debian-user@lists.debian.org
Subject: Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
From: davenull@tuxfamily.org
Date: Thu, 23 Feb 2023 11:31:44 +0100
Message-id: <[🔎] 2a065b59898f812cc06100bffd1273ee@tuxfamily.org>
In-reply-to: <Y/ZRKihepfygTGQ4@lenovo.local>
References: <[🔎] f43af56015661cdeb98044f72704d2b8@tuxfamily.org> <Y/ZRKihepfygTGQ4@lenovo.local>

Hi

On 2023-02-22 18:30, Christoph Brinkhaus wrote:

Am Wed, Feb 22, 2023 at 06:12:29PM +0100 schriebdavenull@tuxfamily.org:
========= context =========
For the context, I use a Debian 11 laptop for work. When I workremotelyfrom home, I have to use a cisco VPN. Good thing is there isopenconnect,which does work, and in teh case of ym work's VPN, it does wor.cisco's
spyware/downloaded binry, namely using the --csd-wrapper
/usr/libexec/openconnect/"
[snip]
===== end of context =====
What I want is: setting up /etc/resolv.conf ONLY
-  at system startup/initial network connexion.
- when openconnect is executed and connects to work's VPN
- when openconnect is ^C-ed and disconnects from the works VPN(cleaningit's mess in the routing table, interfaces, /etc/resolv's and othernetwwork
stuff it might have modified, makes sense)

Here's what I know:
- Whatever process does that seems does what I highly suspect to beDHCP [1]requests every now and then. Home's router answers giving it's ownaddressas both gateway and DNS resolver. And said process thinks it's OK todeleteand recreate resolv.conf with the wrong content… breaking everythingwork's
related while the VPN is still active
If it is DHCP: You might do a countermeasure in
/etc/dhcp/dhclient.conf. On my system I have an entry as below.

interface "wlp4s0" {
supersede domain-name-servers 127.0.0.1;

Unfortunately, I can't use supersede parameter because I need to usedifferent resolvers at different times/in different contexts.


I would need something more… conditional

IF openconnect is running and has modified resolv.conf, leave that filealone unless you are openconnectOtherwise, when there's no VPN active, you can do normal DHCP requestsand accept whatever currently-active network's router/DHCP tells you andupdate resolve conf accordingly

}

I run unbound as a resolver. The entry in dhcclient.conf prevents that
the entry in /etc/resolv.conf is overwritten.

[snip]

My setup is stoneage like compared to your context.
Anyhow, I hope this is at least useful as a pointer :-).

Kind regards,
Christoph

Reply to:

Follow-Ups:
- Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
  - From: Reco <recoverym4n@enotuniq.net>

References:
- Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
  - From: davenull@tuxfamily.org
- Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
  - From: Christoph Brinkhaus <c.brinkhaus@t-online.de>

Prev by Date: Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
Next by Date: Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
Previous by thread: Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
Next by thread: Re: Debugging what is deleting/recreating /etc/resolv.conf with wrong configuration, on debian stable
Index(es):
- Date
- Thread